Approov Blog

Mobile Security (7)

Considering the recent “Playing with FHIR” research report together with the earlier “All that We Let In” research report (which looked at the state of mHealth app/API security), it would be understandable if healthcare organizations were unsure of what immediate actions they should take. In this article we will focus on healthcare service companies who have patient or clinician mobile apps, for whom we will recommend 3 immediate steps which should be taken today. Read Full Story

Alissa Knight released her report “Playing with FHIR” a couple of weeks ago (download it here) about her investigations into the security of healthcare apps and APIs which use the FHIR standard. This report has certainly sparked a lot of debate about the security of healthcare apps and a broader discussion about who is accountable for keeping patient data safe as the ecosystem expands. The bottom-line is that everyone in the healthcare ecosystem needs to take steps to shield their APIs immediately. Read Full Story

Editor's note: This post was originally published in November 2021 in Cyber Defense Magazine. The massive deployment of mobile apps is presenting new attack surfaces to bad actors and the API channel between the apps and backend services is one of the 5 defined attack surfaces in the ecosystem. In this article we will explore the challenges of defending this channel and outline some practical steps you can take to put immediate protection in place. Read Full Story

Editor's note: This post was originally published in September 2021 in Threatpost. Data breaches and hacking put internet users at risk of account takeover, if cyber-criminals successfully gain access to valid login credentials. There are reckoned to be in excess of 8.4 million discrete passwords currently circulating online, over 3.5 billion of which are tied to active email addresses. Read Full Story

In this article, we’ll be looking at the role that mobile health or mHealth apps and Application Programming Interfaces (APIs) are playing in remote care of the elderly. We shall also consider the vulnerabilities that can afflict these digital platforms, as well as remedial measures and best practices for dealing with these issues. Read Full Story

Editor's note: This post was originally published in September 2021 in Threatpost. There are two essential elements driving progress in today's digital-first economy: Mobile applications and APIs. An API (Application Programming Interface) is software that allows applications to communicate and exchange data with each other. Read Full Story

We have released a short video that demonstrates how fake apps can be used to commit fraud against your business and how Approov can help your organisation to fight back against these fake and/or repackaged apps. Read Full Story

Editor's note: This post was originally published in July 2021 in Cyber Defense Magazine. A regular pyramid has 5 surfaces, 4 sloping ones and another as its base. In this article we will walk through the mobile attack pyramid, discussing each of the 5 attack surfaces and recommending best practice for protecting them. Read Full Story

Editor's note: This post was originally published in June 2021 in Security Today. The Covid-19 epidemic has forced the car rental industry into rethinking its value proposition. While it once positioned itself as an ancillary service to the airline industry, generating the bulk of its income through airport locations, a collapse in global airline passenger numbers over the past year may have sped up a process already underway: Far from occupying a segment in the travel industry, car rental companies are now one corner of the Cars as a Service industry. Read Full Story

We are delighted to be hosting some unique content from our friend and recovering hacker Alissa Knight. This is the third blog in a series about the security risks exposed by the push to adopt FHIR APIs in US healthcare. Read Full Story